Hackers take down KKK website and expose private data through host provider Staminus

Staminus Communications, a California-based internet hosting provider that specialises in protecting customers against website-crippling surges of traffic known as distributed denial of service (DDoS) attacks, has been taken offline by a hacking collective known as 'FTA'.

Within 24 hours of first reporting network issues and outages, sensitive internal company data from Staminus started to appear online, including troves of customer credentials, support tickets and credit card numbers. The leak, since posted in full on Tor, reportedly contains over 15GB worth of data stolen from both Staminus and a related anti-DDoS website called Intreppid.

However, in a strange twist, the hackers also claim to have taken down and compromised the database of one of Staminus' more notorious clients: the Ku Klux Klan.

"This was a real treat and one that completely blindsided our team," the hackers wrote in a post alongside the leaked data. "Yes, that's right, Staminus was hosting the KKK and it's [sic] affiliates. An organisation legally recognised in some regions as a terrorist collective. Not that we hold anything against the KKK. Choosing such an awful host as Staminus however is unforgiveable, and consequently they had to be punished."

Indeed, at the time of writing the KKK website is also offline.

Why hackers went after Staminus

Security researcher Brian Krebs, who first documented the leak of information, said: "The authors of this particular [leak] indicated that they seized control over most or all of Staminus's internet routers and reset the devices to their factory settings. They also accuse Staminus of 'using one root password for all the boxes,' and of storing customer credit card data in plain text, which is a violation of payment card industry standards."

The ongoing troubles have been documented on the firm's social media channels, which have been providing updates to frustrated customers since the outages began.

"A rare event cascaded across multiple routers in a system wide event, making our backbone unavailable," Staminus wrote to its customers on 10 March. "Our technicians quickly began working to identify the problem. We understand and share your frustration. We currently have all hands on deck working to restore service but have no ETA for full recovery."

The last update at the time of writing states: "Global services are now back online, ancillary services are currently being brought back online. We expect full service restoration soon." While Staminus appears to have restored service to a number of its internal systems, at the time of writing the main company website still displays a black page with a short message that tells customers to check social media for updates.

Other than the system updates, the firm has not yet indicated what exactly caused the system-wide outage or confirmed if any of the credentials leaked are genuine.

Meanwhile, a Redditor who analysed the leaked credentials warned: "If you use Staminus make sure you cancel your credit card and change your root passwords. This is a full leak. The attack group is professional and they had access to all of the root master servers, PDUs, and potentially hundreds or thousands more servers with unchanged root passwords. They brought down their entire network [...] Information about the leak is now public and the attacker has dumped 15+ GB on Tor."